Privacy Policy

Last updated: March 23, 2026

1. Data Controller

Avioni GmbH
Konrad Schmieder
Pfaffenweg 26, 89231 Neu-Ulm, Germany
Email: datenschutz@avioni.de

2. Overview

This privacy policy applies to the website zeitstrom.avioni.cloud and the mobile application "Zeitstrom | TimeStream" (hereinafter "App"). The App is a calendar with weather, moon, solar, biorhythm, menstrual cycle, and Outlook integration. This privacy policy informs you about what data is collected, how it is processed, and what rights you have.

3. Legal Basis (Art. 6 GDPR)

  • Consent (Art. 6(1)(a) GDPR): Location access, Outlook sign-in, entry of date of birth and cycle data.
  • Legitimate Interest (Art. 6(1)(f) GDPR): Technically necessary API requests for core app functions (weather, astronomy, solar activity), website provision.
  • Performance of Contract (Art. 6(1)(b) GDPR): Provision of app features according to the terms of use.

4. Data Processing on the Website

4.1 Server Logs

When visiting this website, the hosting provider (Hostinger) automatically collects server log files including: IP address (anonymized), date and time of access, page visited, browser type, and operating system. This data is stored for a maximum of 30 days and serves exclusively for technical security.

4.2 Cookies

This website uses only technically necessary cookies (cookie banner setting). No analytics or tracking cookies are used. No Google Analytics, Facebook Pixel, or comparable services are employed.

5. Data Processing in the App

5.1 GPS Coordinates (Location)

Purpose: Retrieval of location-dependent weather, moonrise/moonset, and astronomy data.

Processing: Coordinates are transmitted anonymously (without device or user identifiers) to the backend and from there to the Open-Meteo API. The backend uses coordinates solely as a cache key and does not store any association with users.

Legal basis: Consent (operating system location permission).

Retention: Temporarily in API cache (max. 24 hours), no permanent storage.

5.2 Name

Purpose: Personalization of the display within the app.

Processing: Stored exclusively on the device in a local Hive database.

Legal basis: Consent.

Retention: Until deletion by the user or uninstallation of the app.

5.3 Date of Birth

Purpose: Calculation of biorhythm.

Processing: Stored exclusively on the device. NEVER leaves the device.

Legal basis: Consent.

Retention: Until deletion by the user or uninstallation of the app.

5.4 Menstrual Cycle Data (Health Data, Art. 9 GDPR)

Purpose: Cycle tracking and prediction within the app.

Processing: This particularly sensitive data is stored exclusively on the device. It is NEVER transmitted to any server, backend, or third party.

Legal basis: Explicit consent (Art. 9(2)(a) GDPR).

Retention: Until deletion by the user or uninstallation of the app.

5.5 Outlook OAuth Token

Purpose: Retrieval of calendar events from Microsoft Outlook.

Processing: The OAuth token is stored encrypted in flutter_secure_storage on the device. It is used exclusively for communication with the Microsoft Graph API and is never transmitted to the backend or other third parties.

Legal basis: Consent (user actively signs in to Microsoft).

Retention: Until the user signs out or revokes access.

5.6 API Cache

Purpose: Improvement of app performance and reduction of API requests.

Processing: Responses from external APIs are cached locally in a Hive database.

Legal basis: Legitimate interest.

Retention: Automatic cleanup after max. 24 hours.

6. Backend Server

The app communicates with a FastAPI backend hosted on a Hostinger VPS. The backend is stateless:

  • No user accounts are maintained.
  • No personal data is stored.
  • API responses are temporarily cached with coordinates as cache key (max. 24 hours).
  • Server location: Hostinger data center in the EU.

7. Third-Party Services

Service Provider Purpose Data Shared
Open-Meteo API Open-Meteo GmbH (Switzerland) Weather data GPS coordinates (anonymous)
NOAA SWPC US NOAA Solar activity No personal data
NASA DONKI NASA Solar flares No personal data
Microsoft Graph API Microsoft Corporation (USA) Outlook calendar OAuth token (device-direct)
FreeAstrologyAPI FreeAstrologyAPI.com Astrological calculations Anonymized coordinates/timestamps
Hostinger Hostinger International Ltd. (Lithuania) Backend hosting & website GPS coordinates (cache key), server logs

When using Microsoft Graph, data may be transferred to the USA. Microsoft is certified under the EU-US Data Privacy Framework.

8. Platform-Specific Information

Apple iOS

The app does not collect the IDFA (Identifier for Advertisers). App Tracking Transparency (ATT) is not required as no tracking takes place. The app does not collect data for advertising purposes or for sharing with third parties as defined by Apple Privacy Labels.

Google Android

The complete data collection breakdown can be found in the Data Safety section of the app on Google Play Store.

9. Permissions

  • Location: For location-dependent weather and astronomy data. Can be revoked at any time in device settings.
  • Internet: For API requests (weather, solar, moon, holidays, Outlook).

10. Rights of Data Subjects

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR): Since all personal data is stored locally, you can delete it at any time by uninstalling the app or through the app settings.
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

To exercise your rights, contact: datenschutz@avioni.de

11. Withdrawal of Consent

  • Location: Revoke the location permission in your device settings.
  • Outlook: Sign out in the app or revoke access at myaccount.microsoft.com/permissions.
  • Local data: Delete your data in the app settings or uninstall the app.

Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

Der Landesbeauftragte fuer den Datenschutz und die Informationsfreiheit Baden-Wuerttemberg
www.baden-wuerttemberg.datenschutz.de

13. Contact

Avioni GmbH
Konrad Schmieder
Email: datenschutz@avioni.de